Zero-config, end-to-end encrypted agent-to-agent communication that never leaves your local network. No cloud. No internet. No compromises.
We looked for a way to make AI agents talk to each other on a local network. There was nothing.
× Requires HTTPS and internet. Your agents go silent when the cloud goes down.
× Solves agent-to-tool, not agent-to-agent. IronMesh fills that gap — the two stack together.
× Local IPC only. Can't cross machines on your LAN.
× Decentralized but complex DID setup, still assumes internet connectivity.
It sits under the agent frameworks and protocols you already use — giving them a transport that survives a router reboot, a dead ISP, or no internet at all.
┌─────────────────────────────────────────────────────┐
│ Your application │
├─────────────────────────────────────────────────────┤
│ Agent frameworks — LangChain · CrewAI · AutoGen │ adapters ship with IronMesh
├─────────────────────────────────────────────────────┤
│ Tool / context protocols — MCP · A2A │
├─────────────────────────────────────────────────────┤
│ IronMesh — identity · encryption · routing · queue │ this project
├─────────────────────────────────────────────────────┤
│ Transport — WebSocket over LAN · Reticulum / LoRa │
└─────────────────────────────────────────────────────┘
For offline-capable, peer-to-peer agent communication specifically, here's how the field looks.
| Feature | IronMesh | Google A2A | Anthropic MCP | ACP | ANP |
|---|---|---|---|---|---|
| Works offline / no internet | Yes | No | N/A | Yes | No |
| True peer-to-peer | Yes | No | No | No | Yes |
| Zero-config LAN discovery | Yes | No | No | No | No |
| End-to-end encryption | NaCl | TLS only | N/A | No | Yes |
| Forward secrecy | Yes | Depends | N/A | No | No |
| Multi-hop mesh routing | Yes | No | No | No | No |
| Capability discovery | Yes | No | No | No | No |
| LoRa / radio transport | Yes | No | No | No | No |
| Self-hosted, no vendor lock | Yes | No | No | No | Partial |
| Survives internet outage | Yes | No | N/A | Yes | No |
NaCl / libsodium crypto — the same library as Signal and WireGuard. Not homebrew. Not "encrypt later." Not "TLS is enough."
Ephemeral X25519 keys per session, destroyed after handshake. Compromising today's keys can't decrypt yesterday's traffic.
mDNS auto-discovers agents on your LAN. No manual IP config. Identity keys only exchanged during authenticated handshake.
HMAC-SHA256 passphrase proof. Both client and server prove identity. Ed25519 signatures on every single frame.
Distance-vector routing with split horizon and poisoned reverse. Messages traverse intermediate peers automatically.
Optional transport over LoRa radio at 915 MHz via Reticulum. No internet at all. Just RNode hardware and open spectrum.
Messages queued in encrypted SQLite when peers are offline. Automatically delivered on reconnect. Priority ordering built in.
v0.7.2 closed the production-hardening work. v0.8.0 makes the mesh easy to build on: high-level SDK, framework adapters, multi-mesh federation, a Go reference client, and a runnable Ollama swarm demo.
Ship runnable: examples/ollama_swarm.py. One node runs a local LLM and advertises llm:<model>; another discovers it by name and sends a prompt. No cloud, no API keys. The "multiple AI agents on your home network" demo.
High-level Agent class wraps the bridge daemon. Decorator-based message handlers, sync+async send, capability discovery. No asyncio boilerplate, no WebSocket plumbing.
First-party adapters for the three major agent frameworks. create_ironmesh_toolkit(), create_mesh_crew_agent(), register_ironmesh() — drop the mesh into an existing agent stack in one call.
FederationGateway bridges two independent meshes with policy-controlled capability forwarding. Each mesh keeps its own trust boundary; allow/deny glob rules control what crosses.
Full wire-protocol implementation in Go under clients/go/. Frame serialization, X25519 ECDH, XSalsa20-Poly1305, Ed25519 detached sigs, 3-stage handshake. Crypto primitives verified against the Python reference.
Ship an MCP server out of the box. Any MCP-capable agent (Claude Desktop, Claude Code, custom clients) can use IronMesh as a transport for agent-to-agent messaging. Eight tools over stdio JSON-RPC.
Bundled LXMF gateway bridges IronMesh to the Reticulum LXMF ecosystem. Send from your phone's Sideband app to any IronMesh peer. Verified end-to-end with a real Pixel over LoRa (100% delivery at SF8/BW125, 1.07–1.98 s RTT).
Mutual passphrase auth, signed ephemeral ECDH, channel binding. Three stages. Zero trust assumptions.
Client Server | | |<── PASSPHRASE_CHALLENGE ──────────────| (32-byte server nonce) |─── HMAC-SHA256(pass, nonce) ─────────>| |<── PASSPHRASE_VERIFIED + server_proof─| (mutual auth) | verify server_proof | | | |─── HELLO (eph_pub_A, id_pub_A) ──────>| signed(Ed25519) + channel_binding |<── HELLO (eph_pub_B, id_pub_B) ───────| signed(Ed25519) + channel_binding | TOFU check on id_pub_B | TOFU check on id_pub_A | | | ECDH(eph_priv_A, eph_pub_B) | ECDH(eph_priv_B, eph_pub_A) | = shared_secret | = shared_secret | (ephemeral privkeys destroyed) | (ephemeral privkeys destroyed) | | |<═══ Encrypted + Signed Messages ═════>| SecretBox + Ed25519 on every message
Raspberry Pi running Ollama talks to your desktop coding agent. No cloud. No API keys. No third parties.
Agents on a network with no internet coordinate tasks, share data, and run workflows over LoRa radio.
Self-contained AI network that works when the internet doesn't. Solar-powered Pi cluster. Local models.
Agents in isolated environments that can never touch the internet. Full encryption at rest and in transit.
All agent communication stays on your LAN. Nothing leaves your network. Nothing gets logged by anyone.
Phone, desktop, and server agents all talk directly to each other. mDNS discovery. Zero config.
Local-first. Offline-capable. Mesh-ready. Zero-config. No cloud required. Ever.